The present invention relates to a technique for allowing a managed unit, such as a document creation unit, which receives a time from a time distribution unit, to indicate authenticity of the time when transmitting a document with an additional record of the time to a managing unit, and a technique for allowing a managing unit receiving a document from a managed unit to determine whether the managed unit operates according to a system manager's intention.
At present, because many terminals maintain time information and automatically incorporate it in all types of data, time information is recorded in almost all electronic documents. However, in current systems, a user of a terminal, or software not intended by the user, may readily tamper with the time information on the terminal or the time information recorded in a document, thereby making it difficult for an electronic document creator to assure an electronic document recipient of the authenticity of a time.
A technique, called a timestamp, to solve the above problem is disclosed in RFC 3161 Timestamp Protocol (referred to hereinafter as Document 1). According to this technique, when an electronic document is exchanged between an electronic document creator and an electronic document recipient, the electronic document creator transmits the electronic document to a third party that provides a timestamp service. The third party additionally records time information in the electronic document, applies a digital signature to the electronic document, and sends the electronic document back to the electronic document creator. The electronic document creator can thereby indicate to the electronic document recipient that the electronic document was present at the time corresponding to the time information, and assure the electronic document recipient that the electronic document has not been tampered with. Also, the electronic document recipient needs to know in advance that the time granted to the electronic document by the third party is accurate information.
On the other hand, a system manager must often determine from a remote site whether a unit under management thereof operates as it is supposed to. For example, in order to trust log information created by a certain unit, the manager has to determine whether the group of software modules creating the log information operates correctly. One means for realizing this is a Trusted Computing technology using a Trusted Platform Module (TPM). For example, means for verifying, using the TPM, that software in a unit has not been tampered with is disclosed in Japanese Patent Laid-open Publication No. 2005-301550 (referred to hereinafter as Document 2). According to this document, a certain unit stores hash values of all software operating therein in both an auxiliary storage unit, such as a hard disk drive (HDD), and the TPM, and then sends all the hash value information to a separate unit nearest to the manager, thereby enabling the manager to verify the reliability of a unit located at a remote site.
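The following is an added illustration, not code from Document 2 or from the present invention, of how a manager can check the hash value information described above: the hash list kept on the HDD is replayed and compared with the value held in the TPM, and each hash is compared with a known-good value. It assumes SHA-256, the standard TPM extend operation (new register = hash of old register concatenated with the measurement), and a TPM register value that has already been authenticated (verification of the signed quote is not shown); the module names and images are constructed.

```python
import hashlib

PCR_INIT = bytes(32)  # assumption: a SHA-256 TPM register starts as 32 zero bytes

def measure(image: bytes) -> bytes:
    """Hash of one software module, as the managed unit would record it."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new register = SHA-256(old register || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def replay(log):
    """Recompute the register value implied by a list of (name, hash) entries."""
    pcr = PCR_INIT
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify_unit(log, reported_pcr, known_good):
    """Manager-side check. Returns (trusted, list of reasons for distrust)."""
    problems = []
    if replay(log) != reported_pcr:
        problems.append("log does not match TPM register (log altered on disk)")
    for name, digest in log:
        if known_good.get(name) != digest:
            problems.append(f"unexpected hash for {name}")
    return (not problems, problems)

# Constructed sample data: three modules of a hypothetical log-creating unit.
IMAGES = {"bootloader": b"boot v1", "kernel": b"kernel v1", "logger": b"logger v1"}
KNOWN_GOOD = {name: measure(image) for name, image in IMAGES.items()}

def boot(images):
    """Simulate the managed unit: append to the disk log and extend the TPM."""
    log, pcr = [], PCR_INIT
    for name, image in images.items():
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

if __name__ == "__main__":
    log, pcr = boot(IMAGES)
    print(verify_unit(log, pcr, KNOWN_GOOD))           # unmodified unit
    bad_log, bad_pcr = boot({**IMAGES, "logger": b"logger patched"})
    print(verify_unit(bad_log, bad_pcr, KNOWN_GOOD))   # one module modified
    forged = [(n, KNOWN_GOOD[n]) for n, _ in bad_log]  # disk log rewritten afterwards
    print(verify_unit(forged, bad_pcr, KNOWN_GOOD))    # replay no longer matches
```

The third case shows why the hashes are held in the TPM as well as on the HDD: the disk copy can be rewritten to look clean, but it then no longer reproduces the register value.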